General

  • Target

    mixthree_20210607-093819

  • Size

    536KB

  • Sample

    210607-554bnhmbcs

  • MD5

    e7ccfdce0d5c66e3f1d4d89eac63fafa

  • SHA1

    23634375e7b10ca832f7da12569e1390171a41fd

  • SHA256

    4cd381d6f335c3f329c9d0aeff1a0336d1aeddd13e5cccef40315bb7b0616cc1

  • SHA512

    9ddb95a47cd45f4a81e411240c7964411195dcd6e641eae31159b4601ac06084bf9a967acb4e88dd762fa70fdf4856fec135bd8c4bdc91968e47c542033af60f

Malware Config

Extracted

Family

raccoon

Botnet

28198d4512d0cf31c204eddceb4471d79950b588

Attributes
  • url4cnc

    https://tttttt.me/capibar

rc4.plain
rc4.plain

Targets

    • Target

      mixthree_20210607-093819

    • Size

      536KB

    • MD5

      e7ccfdce0d5c66e3f1d4d89eac63fafa

    • SHA1

      23634375e7b10ca832f7da12569e1390171a41fd

    • SHA256

      4cd381d6f335c3f329c9d0aeff1a0336d1aeddd13e5cccef40315bb7b0616cc1

    • SHA512

      9ddb95a47cd45f4a81e411240c7964411195dcd6e641eae31159b4601ac06084bf9a967acb4e88dd762fa70fdf4856fec135bd8c4bdc91968e47c542033af60f

    • Raccoon

      Simple but powerful infostealer which was very active in 2019.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks